Well that explains it.

Thanks.

Im also getting the same error trying to install wget.

/root(10): pkg_add -r wget
Error: Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.1-release/Latest/wget.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.1-release/Latest/wget.tbz' by URL

Nothing to "start" per se but it has to sync the sudoers file with the user permissions in the config. Especially on embedded systems post-upgrade.

I just bumped the sudo pkg with a fix, let me know if it doesn't work.

All good now, thanks!

(Will post other issues to the new thread  if required.)

Excellent, all works without any custom config lines now! Thanks!

I pushed a fix for this - please test it and let me know.

There is quite a bit to still do on this package :/

Glad I could help. Snort not working in a transparent bridge is almost guaranteed to be caused by incorrect automatic IP assignments to the variables, just for future google reference.

See here for some discussion: https://github.com/jochenwierum/openvpn-manager/issues/17
OpenVPN Manager needs to use a different management channel for each OpenVPN client that it can control. A default config generated by the client export utility has:

# open management channel management 127.0.0.1 166

The 166 needs to be replaced by a different number for each client that is going to be available on the same end-user laptop.
I will submit pull requests for code to allow this to be specified and put in the client export utility generated configs…

@jimp:

sendmail? No. Never.

Personally, I'm a "Windows man", so a lot of these pfSense related things are hard for me to know if they are pfSense-spesific or standard for unix based systems.
Am I right to assume that "sendmail" is a common feature, and thus not a natural part of arpwatch?

@jimp:

If you just need to send mail, 2.1 has a CLI program mail.php that will take input from stdin and send it using the configured notification e-mail settings.

Isn't the problem here that arpwatch doesn't do anything towards notifications?
I might be on thin ice here, but what I'm trying to achieve is to get some sort of notification each time a new IP is logged in arpwatch.
If this can be achieved with mail.php, could you give a clue as to how I should proceed to reach my goal?
(The pfSense notifications have been configured, and test emails (and growls) are arriving as expected.)

I suppose your choices are HAPV + clamd or dansguardian + clamav.  Haven't tried HAPV because it looked like was going to maybe cause issues with my simple squid setup I run.

I was using dansguardian + clamav with all the filters except clamav turned off for a while.  I made an alias group of only windows computers on the network and only those were "filtered" through dansguardian, which was only doing AV scanning and no filtering.

That works, but I eventually turned it off because I have government issue symantec corporate AV solutions that never expire on all the windows machines running on the network, so they were pretty much covered anyway.

Super, thanks!

Just a note regarding the operation, I just pulled2.1-RC1 (i386) built on Wed Aug 21 01:29:33 EDT 2013 FreeBSD 8.3-RELEASE-p9after first removing the bandwidthd package out of my older 2.0.3 installation. After working out my RRD issues (something about the database not converting properly, fixed with reset of my old data) I went to the bandwidthd menu to set it up again. Very cool to see the new fields there for database logging! Anyway, unchecking the enable bandwidthd box and clicking save rendered the menu URL```
/pkg_edit.php?xml=bandwidthd.xml&id=0

I was able to repeat the problem a couple of times. I don't think this is a big deal, I just prefer to enter all of my settings with the service disabled while I work out all the niggles. arri

#1 - Not in the public repositories. Nobody else there is doing Java.

#2 - I work for ESF, the parent company behind pfSense, and we are the official source of pfSense support/consulting. We could assist with developing a package as a part of the usual support hours/time. See the link in my sig.

@jflsakfja:

Ding! Ding! Ding!

Run from Diagnostics>Command prompt (I've checked the em1 directory, it's correct)

$ grep 2000419 /usr/local/etc/snort/snort_7104_em1/rules/snort.rules
(no results so nothing found)

$ grep 2000419 /usr/local/etc/snort/snort_7104_em1/rules/flowbit-required.rules

Category: emerging-policy  GID:1  SID:2000419

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY PE EXE or DLL Windows file download"; flow:established,to_client; file_data; content:"MZ"; within:2; byte_jump:4,58,relative,little; content:"PE|00 00|"; distance:-64; within:4; flowbits:set,ET.http.binary; reference:url,doc.emergingthreats.net/bin/view/Main/2000419; classtype:policy-violation; sid:2000419; rev:17;)

The rule indeed looks enabled from my point of view

Thanks for the quick feedback.  This confirms my suspicion.  I will put in a fix for this in the upcoming package update (pkg. 2.6.0).  In the meantime a Suppress List Entry is a viable work around.

Bill

Anybody? I started playing around with Untangle and finally got it working. I like it, but the block page is proving harder than I thought to customize. They want you to pay for branding, and the blockpage is over-written with each update to Untangle. I also tried moving to Squid 3 and Squid 3 dev for HTTPS filtering, but I couldn't even get the services to start. I didn't play around with it too much because I wasn't liking the idea of using beta software in production anyway, and I took the services not starting as a sign that I should move on to a stable solution.

Same problem here. We have web server in local network (10.x.x.x) and it uses NAT to get access to internet. Problem is that sending data takes over 180sec and its timed out when it goes thrue pfsense. If I change postfix relayhost to 10.x.x.x network (it does not go thrue pfsense) it works just fine.

Client mail log:
Aug 19 21:22:55 nginx postfix/smtp[27134]: ABCDEFHTEOT: to=someone@somewhere.com, relay=mail.server.com[xx.xx.xx.xx]:25, delay=37971, delays=37791/0.01/0.07/180, dsn=4.4.2, status=deferred (conversation with mail.server.com[xx.xx.xx.xx] timed out while sending message body)

Mail Server log:
Aug 19 21:22:55 mail postfix/smtpd[9514]: timeout after DATA (66017 bytes) from unknown[10.x.x.x]
Aug 19 21:22:55 mail postfix/smtpd[9514]: disconnect from unknown[10.x.x.x]/someone@somewhere.com

If you set the day of the week to blank it automatically reverts to Sunday.
Anyway - This HAS worked until a few days ago, even when set to Daily and Sunday.

Thats all I can think of unless there is something unique about the website that hates squid.  Maybe just bypass the site for squid.

BTW - Why is the loopback interface selected to bind too?

Why not just the LAN?